omniauth-facebook Gem for Ruby Insecure Access Token Handling Authentication Bypass
Published: November 14, 2013
SECURITY IDENTIFIERS
- CVE: CVE-2013-4593 (NVD)
- GHSA: GHSA-33vg-hpx5-pfxg
- OSVDB: OSVDB-99888
GEM
SEVERITY
PATCHED VERSIONS
>= 1.5.1
DESCRIPTION
The omniauth-facebook gem for Ruby contains a flaw: it accepts an access token passed via the URL. This may allow a remote attacker to bypass authentication and authenticate as another user.
